March 8, 2007, 12:00 AM

Massachusetts bill puts merchants on the security hot seat

A state bill in Massachusetts proposes to make merchants liable for the full cost of replacing payment cards if their networks get hacked.

Paul Demery

Managing Editor, B2B E-commerce

While credit card companies and consumers exert more pressure on merchants to protect financial records stored in computer networks, a bill recently introduced in the Massachusetts state legislature proposes to make merchants liable for the full cost of replacing payment cards if their networks get hacked.

“If retailers know they’ll be held liable, they’ll be more likely to secure customer data,” says Adam Martignetti, chief of staff for Rep. Michael Costello, who has submitted House Bill 213, “An Act Relative to Enhancing the Confidentiality and Protection of Certain Consumer Information.” The first legislation of its kind, the bill has been generating interest from other states and from federal legislators, he adds.

The bill was introduced shortly before TJX Companies Inc. reported in January that criminals had broken into its computer systems in 2005 and 2006 and stolen customer information from a network that handles credit card, debit card, check and merchandise-returns transactions. The bill, intended to force retailers to abide more closely by industry security standards, complements other efforts by the credit card companies, which recently increased their fines up to $25,000 a month for large merchants who don’t comply with the payment card industry data security standards. Those standards comprise 12 general requirements for such actions as assuring that networks have updated security patches from software vendors, not storing sensitive customer data, and deploying software applications that encrypt the customer data that they do store in databases.

Pressure on merchants is also increasing from consumer awareness of the vulnerability of data. In a recent survey of 2,000 consumers by the Chief Marketing Officers Council, 40% of respondents said they had aborted a planned purchase either online or in a store because of concerns about the security of their personal data. In the same survey, 50% of respondents indicated they would avoid buying from a company whose customer databases had been hacked.

